Welcome to Port3101.org : Your BES Connection Mark forums read | View Forum Leaders
Port3101.org : Your BES Connection



Reply
LinkBack (35) Thread Tools Display Modes
KB02276 - Assigning permissions for a BlackBerry Enterprise Server service account
 
  35 links from elsewhere to this Post. Click to view. #1 (permalink)  
Old 02-08-2009, 12:44 PM
hdawg's Avatar
Proprietor
 
Join Date: Nov 2008
Posts: 2,257
Blog Entries: 147
Default KB02276 - Assigning permissions for a BlackBerry Enterprise Server service account

NOTE: This KB supersedes the information listed in http://www.port3101.org/featured-bla...e-account.html

KB02276 - Assigning permissions for a BlackBerry Enterprise Server service account


Environment

  • BlackBerry® Enterprise Server for Microsoft® Exchange
  • Microsoft® SQL Server®



Overview

The following permissions can be assigned for the BlackBerry Enterprise Server service account:
  1. Local Administrator rights on the BlackBerry Enterprise Server
  2. Local Security Policy permissions for the BlackBerry Enterprise Server service account
  3. Microsoft Exchange permissions at the Administrative Group level
  4. Microsoft Exchange permissions at the Microsoft Exchange Server level
  5. Send As permission at the Domain level
  6. Database permissions for managing the BlackBerry Configuration Database
Note: The BlackBerry Enterprise Server service account should have the Domain User role, not the Domain Administrator role. See KB04557 for more information.

Task 1

To assign Local Administrator rights to the BlackBerry Enterprise Server service account, complete the following steps:
For a BlackBerry Enterprise Server on a Domain Controller
  1. Click Start > Programs > Administrative Tools > Active Directory Users and Computers.
  2. Select the Builtin folder.
  3. Double-click Administrators.
  4. On the Members tab, click Add.
  5. Select the BlackBerry Enterprise Server service account name (for example, BESAdmin), and then click Add.
  6. Click OK.
  7. Click OK.
For a BlackBerry Enterprise Server on a Member Server
  1. Click Start > Administrative Tools > Computer Management.
  2. In the left pane, expand System Tools and click Local Users and Groups.
  3. In the right pane, double-click Groups.
  4. Right-click Administrators and click Properties.
  5. In the Select Users, Contacts, Computers, or Groups window, select the BlackBerry Enterprise Server service account name.
  6. Click OK.


Task 2

To assign Local Security Policy permissions to the BlackBerry Enterprise Server service account, complete the following steps:
Note: This procedure allows the BlackBerry Enterprise Server service account to access the local computer and to run the BlackBerry Enterprise Server software as a Windows® service.
  1. Click Start > Administrative Tools > Local Security Policy. If the computer is a domain controller, click Start > Administrative Tools > Domain Controller Security Policy.
  2. In the Local Securities window, click Local Policies > User Rights Assignment.
  3. Perform one of the following steps:
    • For Windows Server® 2000, double-click Log on Locally.
    • For Windows Server 2003, double-click Allow Log on Locally.
  4. Click Add User or Group.
  5. Select the BlackBerry Enterprise Server service account name, and then click Add.
  6. Click OK.
  7. In the Local Security Settings window, double-click Log On As a Service.
  8. Click Add User and then select the BlackBerry Enterprise Server service account.
  9. Click OK.

Task 3

To assign Microsoft Exchange Server permissions at the Administrative Group level, complete the following steps for your environment:
Note: This procedure allows a system administrator to manage BlackBerry smartphone users and groups.
For Microsoft Exchange 2000 or 2003
  1. Click Start > Programs > Microsoft Exchange > System Manager.
  2. Select Administrative Groups.
  3. Right-click First Administrative Group and select Delegate Control.
  4. In the Exchange Administration Delegation Wizard, click Next, and then click Add.
  5. Click Browse and then select the BlackBerry Enterprise Server service account.
  6. Click OK.
  7. In the Role drop-down list in the Delegate Control window, select Exchange View Only Administrator.
  8. Click OK to add the BlackBerry Enterprise Server service account to the Users and Groups list.
  9. Click Next, and then click Finish.
For Microsoft Exchange 2007
To set an Exchange View Only Administrator role:
  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. In the command prompt window, type the following and then press ENTER:
add-exchangeadministrator <BESAdmin> -role ViewOnlyAdmin
where < BESAdmin> is the name of the BlackBerry Enterprise Server service account.
To check an Exchange View Only Administrator role:
  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. In the command prompt window, type the following and then press Enter: get-exchangeadministrator | Format-List
  3. Verify that the BlackBerry Enterprise Server service account has the ViewOnlyAdmin role.

Task 4

To assign Microsoft Exchange Server permissions at the Microsoft Exchange Server level, complete the following steps:
For Microsoft Exchange 2000 or 2003
  1. Click Start > Programs > Microsoft Exchange > System Manager.
  2. Select Administrative Groups > First Administrative Group > Servers.
  3. Right-click the Microsoft Exchange Server name and then click Properties.
  4. On the Security tab, select the BlackBerry Enterprise Server service account.
  5. Select the following permissions from the Permissions list:
    • Administer Information Store
    • Send As
    • Receive As
  6. Click the Advanced button.
  7. Verify that the Select the Allow inheritable permissions from parent to propagate to this object and all child objects option is selected.
  8. Click OK.
  9. Repeat the preceding steps for each Microsoft Exchange Server that will host mailboxes within the routing group.
For Microsoft Exchange 2007
To set Send As, Receive As, and Administer Information Store permissions, complete the following steps:
  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. Type the following line, and then press Enter:
get-mailboxserver <Exchange2007> | add-adpermission -user <BESAdmin> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
Where < Exchange2007> is the name of the Microsoft Exchange 2007 Server and < BESAdmin> is the name of the BlackBerry Enterprise Server service account.
If inheritiance to the individual mail stores is not enabled, to set the Send As, Receive As, and Administer information store permissions at the store level, complete the following steps from the Exchanage management shell:
get-mailboxdatabase <Exchange2007>\<dbname> | add-adpermission -user <BESAdmin> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
Where <dbname> = 'First storage group\Mail box database'
To verify the Send As, Receive As, and Administer Information Store permissions, complete the following steps:
  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. In the command prompt window, type the following line and press Enter.
get-mailboxserver <Exchange2007> | get-ADpermission -user <BESAdmin> | Format-List
To verify the Send As, Receive As, and Administer Information Store permissions at the mailbox store level, complete the following steps:
  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. In the command prompt window, type the following and press Enter.
get-mailboxdatabase <Exchange2007>\<dbname> | get-ADpermission -user <BESAdmin> | Format-List

For Microsoft Exchange 5.5 The BlackBerry Enterprise Server service account requires the Service Account Admin permissions on the Site container and Configuration container.

Task 5

To grant the Send As permission on a single account for all BlackBerry smartphone users in a Microsoft® Active Directory® domain or container, complete the following steps:
  1. Open Active Directory Users and Computers.
  2. From the View menu, select the Advanced Features option. Note: If Advanced Features is not selected, the Security tab will not be visible for domain and container objects.
  3. Right-click the appropriate domain or container and then click Properties.
  4. On the Security tab, click Advanced.
  5. If the BlackBerry Enterprise Server service account that requires the Send As permission is not listed, click Add and then select the BlackBerry Enterprise Server service account name.
  6. Click OK.
  7. Double-click the BlackBerry Enterprise Server service account name.
  8. Select User Objects in the Applies Onto list.
  9. Select the Send As check box.
  10. Click Apply and then click OK.
  11. Close the Properties window and then close Active Directory Users and Computers.
Note: For more information about the Send As permission, see article 912918 in the Microsoft Support Knowledge Base.

Task 6

For additional information on assigning the required permissions for the BlackBerry Configuration Database, see KB03112.
For additional information on the permissions that are required to manage the BlackBerry Configuration Database, see KB03633.



Additional Information

Microsoft Exchange 2007 is supported in BlackBerry Enterprise Server software version 4.1 Service Pack 3 (4.1.3) and later.
If the server is a Microsoft SQL Server, assign the Server roles by completing the following steps:
Note: The following is not applicable to Microsoft SQL Server Desktop Engine (MSDE).
  1. In the SQL Enterprise Manager, go to Microsoft SQL Servers/SQL Server Group/<SQL_server_name>.
  2. Expand the Microsoft SQL Server and expand security.
  3. Right-click Logins.
  4. Click New Login.
  5. On the General tab, click the button next to the Name field.
  6. Select the new BlackBerry Enterprise Server service account name from the Names list.
  7. Click Add.
  8. Click OK.
  9. From the Server Roles tab, select Server Administrators and Database Creators from the Server Role list. Note: If you are running BlackBerry Enterprise Server software version 4.1 or later, add the System Administrators role to add BlackBerry smartphone users in a role-based administration environment. For instructions, see the BlackBerry Enterprise Server for Microsoft Exchange: System Administration Guide.
  10. On the Database Access tab, select the check box for the BlackBerry Configuration Database.
  11. In the Database Roles for <BlackBerry_Configuration_Database_name> list, select the db_owner check box.
For information on switching service accounts for BlackBerry Enterprise Server software versions 4.0 and 4.1, see KB04293.

__________________
http://blog.port3101.org/hdawg/
Reply With Quote
Sponsored Links
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On


LinkBacks (?)
LinkBack to this Thread: http://www.port3101.org/featured-blackberry-kb-articles/503-kb02276-assigning-permissions-blackberry-enterprise-server-service-account.html
Posted By For Type Date
BlackBerry Forums Support Community - BESAdmin sent of behalf of CEO This thread Refback 10-02-2014 12:52 PM
How to grant the full access permission to a user? This thread Refback 01-13-2014 07:19 PM
How to grant the full access permission to a user? This thread Refback 09-18-2013 10:25 PM
How to grant the full access permission to a user? This thread Refback 09-03-2013 08:22 AM
How to grant the full access permission to a user? This thread Refback 02-11-2013 04:45 PM
massivearrow This thread Refback 10-19-2012 11:10 AM
glowingcircle This thread Refback 10-18-2012 06:19 PM
swirlyportal This thread Refback 08-16-2012 11:50 AM
NorCross HawkEye F3355P Fish Finder (Sep 11, 2006) This thread Refback 06-25-2012 07:48 PM
404 Not Found This thread Refback 06-15-2012 01:01 PM
I added BlackBerry Service Account name in Black Berry user’s security tab but after some time it is not there, This thread Refback 05-30-2012 03:56 PM
I added BlackBerry Service Account name in Black Berry user?s security tab but after some time it is not there, This thread Refback 07-07-2011 02:32 PM
the blackberry mail store service service terminated with service specific error 5406 0x151e ::DoGizmo.com:: This thread Refback 07-06-2011 06:00 AM
KB17054 - Assigning permissions for the BlackBerry Enterprise Server service account This thread Refback 06-15-2011 01:13 PM
Calendar Sync issues for Blackberry Professional Manager for Exchange - Page 2 - BlackBerryForums.com : Your Number One BlackBerry Community This thread Refback 11-01-2010 03:45 PM
BESx 5.0.1 Activation problems - BlackBerryForums.com : Your Number One BlackBerry Community This thread Refback 07-22-2010 03:16 PM
Search: BES service send-as - MetaCrawler This thread Refback 05-23-2010 11:45 AM
How to grant the full access permission to a user? This thread Refback 03-19-2010 02:58 AM
BES on two exhcange servers? - BlackBerryForums.com : Your Number One BlackBerry Community This thread Refback 03-03-2010 09:44 AM
Permisions set on active directory (BES install) - BlackBerryForums.com : Your Number One BlackBerry Community This thread Refback 01-12-2010 05:31 PM
I added BlackBerry Service Account name in Black Berry user?s security tab but after some time it is not there, This thread Refback 12-21-2009 04:43 PM
I added BlackBerry Service Account name in Black Berry user?s security tab but after some time it is not there, This thread Refback 11-17-2009 11:40 AM
BlackBerryForums.com : Your Number One BlackBerry Community This thread Refback 11-10-2009 02:56 PM
I added BlackBerry Service Account name in Black Berry user?s security tab but after some time it is not there, This thread Refback 11-08-2009 09:50 PM
Calendar Sync issues for Blackberry Professional Manager for Exchange - BlackBerryForums.com : Your Number One BlackBerry Community This thread Pingback 09-12-2009 11:45 AM
Mailstore service will not restart - BlackBerryForums.com : Your Number One BlackBerry Community This thread Pingback 08-24-2009 11:36 AM
Tried to install Blackberry Professional Server, but failed. - BlackBerryForums.com : Your Number One BlackBerry Community This thread Pingback 08-12-2009 08:38 PM
Unable to Open BES After Domain Admin PW Change - BlackBerryForums.com : Your Number One BlackBerry Community This thread Pingback 08-12-2009 01:01 PM
BlackBerry Server - BlackBerryForums.com : Your Number One BlackBerry Community This thread Pingback 08-11-2009 02:44 PM
Bes On A Standalone Server - BlackBerryForums.com : Your Number One BlackBerry Community This thread Pingback 08-11-2009 11:57 AM
Activation issues mixing Verizon with AT&T - BlackBerryForums.com : Your Number One BlackBerry Community This thread Refback 08-06-2009 03:38 PM
Switching Devices, quick how to? - BlackBerryForums.com : Your Number One BlackBerry Community This thread Pingback 07-07-2009 11:17 AM
New to BES management - BlackBerryForums.com : Your Number One BlackBerry Community This thread Refback 06-18-2009 03:43 PM
Enterprise Activation Issues - BlackBerryForums.com : Your Number One BlackBerry Community This thread Refback 06-05-2009 01:30 PM
Permisions set on active directory (BES install) - BlackBerryForums.com : Your Number One BlackBerry Community This thread Pingback 04-21-2009 10:00 AM

Similar Threads
Thread Thread Starter Forum Replies Last Post
Send As permissions for BES service account millardus Port 3101: The BES Admin Bar & Grill 0 11-19-2009 09:13 AM
KB12789 - Check the BES account permissions on a BlackBerry smartphone user's mailbox hdawg Featured BlackBerry KB Articles 0 09-02-2009 10:02 PM
KB05201 - Permissions required for a BlackBerry Enterprise Server upgrade hdawg Featured BlackBerry KB Articles 2 08-17-2009 06:12 PM
KB05127 - How to update the BlackBerry Enterprise Server service account password Si Featured BlackBerry KB Articles 0 03-20-2009 03:53 AM
KB17054 - Assigning permissions for the BlackBerry Enterprise Server service account hdawg Featured BlackBerry KB Articles 1 02-08-2009 12:46 PM


All times are GMT -4. The time now is 10:28 PM.
Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2019, vBulletin Solutions, Inc.


 

SEO by vBSEO 3.3.2 PL2